Atlas

Share your idea. In order to help prioritize, please include the following information

  1. A brief description of what you are looking to do
  2. How you think this will help
  3. Why this matters to you

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Atlas User permissions/role by Cluster

    It would be very helpful to restrict/allow access to clusters within an Atlas project, by Atlas user. This can be achieved with database users, but Atlas users have all or nothing access to the clusters within a project.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Warn when attempting to add a new IP address to network access that is already covered by an existing entry

    Currently, if one tries to add a new IP address to the list of whitelisted IPs for a database in the 'Network Access' page, and the new IP is a duplicate of an existing entry, there is no warning or indication given to the user, and the list of IPs remains unchanged.

    This makes it seem like the button to add a new IP doesn't work, as the list of IPs doesn't change.

    So there should be some indication that the user attempted to add a duplicate IP, and because of that, the list of allowed IPs was not changed.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Separate access control for read-only replicas

    There is a multi-replica cluster and there are read replicas. I consider it necessary to add the ability to restrict access separately for a read-only replica. Thus, limit the connection not only to the entire cluster at the project level, but also to specific replicas (for example, limiting access to read replicas).
    I think that this is a standard business problem, the solution of which is simply necessary to exist in a product like yours.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Allow access from anywhere button to be a separate UI permission

    "allow access from anywhere" button should be a separate privilege. This would allow the ability to add it to a role. The goal is to allow developers to log into the control plane, use the UI to add 1 single IP(theirs)...but not open up IPs to all(0.0.0.0/0).

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. More granular user privileges for Database User in same project

    When having several clusters in the same project, it would be nice if we could configure different privileges to different clusters for the same user credentials.

    Like in the following example

    Name | Cluster1 | Cluster2 | Cluster3 | Cluster4
    User1 | R/W | R | R | R/W
    User2 | R | R/W | R | R

    Currently it's not possible to specify different privileges on the cluster level.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. RBAC for Atlas Search

    Atlas Search Indexes can only be managed via MongoDB credentials (Terraform or API calls), with required role "Project Data Access Admin" (see https://docs.atlas.mongodb.com/reference/api/fts-indexes-create-one/#required-roles ). It would be great if we could create/delete search indexes using database credentials, similarly to regular indexes.

    Because of that constraint, we need to provision dedicated apikey for our application ; in order to create the relevant search indexes. However, providing "Project Data Access Admin" is too much of a security risk - considering the power of such role.

    Would it be possible to have dedicated "Atlas Search Admin" role which would allow creation / updating…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Support Login with Microsoft Credentials

    When login to Atlas, we can use Google Login at the moment.
    Please add Login with Microsoft Credentials.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Being able to enable / disable Database users

    When managing accounts and permissions, it could be great to "disable" an account before deleting it or reseting its password.

    By example GCP ServiceAccounts have this feature. It helps to restore a service of an account faster if this one is still in use.

    It will also help to set a kind of "policy" where inactive accounts get deactivated for a period of time and then deleted if not reactivated till then.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Allow custom duration for Temporary Users

    In our software development lifecycle, we have sprints that are 2 weeks long.

    We create temporary users for Software Engineers that are "onCall" during a sprint. The role is moving to a different engineer each new sprint.

    It would be great to be able to specify an explicit deleteAfterDate value or a custom duration greater than the current 6 days.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Show last activity of user

    For managing Database Users, it would be nice to see when that user was last used to authenticate with the cluster - so that we can spot potentially unused accounts and to act as an extra layer of confirmation when deleting accounts that we think are not needed anymore.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Manage Database Access and Network access

    I would like to give colleagues the ability to manage Database Access and Network access for a project without giving the the project owner role.

    A way to provide more granular access in Atlas would be nice

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Allow setting temporary IPs to API Access List

    When testing out API keys that are normally only run through CI/CD tools, I'd like to be able to add my local IP to the API Access List for a temporary time window.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. Federation metadata.xml for automatic idp certificate rotation

    It would be great to have an opportunity to automatically rotate the idp signature certificate.

    I could provide a metadata.xml url. With that metadata.xml in generally it's possible that okta rotate the certificate on it's own. But it's not possible to configure in Mongodb Atlas.

    Best regards
    Fabian

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. More Fine-Grained Custom Roles

    Our developers need to access databases from home or an office location from time to time.
    They are not Project Owners and should not have broad sweeping administrative privileges over the databases.
    In some cases they may be outsource workers who would only have read-only views on the data.
    However, they do need to be able to connect to the databases.
    Currently, you need a Project Owner role to be able to add an IP address to the whitelist and allow remote access.
    Please add the ability to create custom roles for Atlas users, which would enable us to create…

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Atlas console authentication logs

    MongoDB Atlas does not seem to provide a tool or a page that will show the authentication logs for the Atlas console users. Example - a log indicating when a project owner or a cluster manager logged in or out of the Atlas console along with the relevant time stamps.

    I have raised a support case with MongoDB and the engineer suggested to raise a feature request as this feature is currently not available. Refer case #00755619.

    Thank you.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. Need access to the REST API for IdP Federation

    Currently all IdP federation set up must be done in the Atlas GUI. This prohibits scripting the setup of IdP organization and role mapping for new projects.

    Customers can prefer setting this up via a scriptable Rest API interface for a new project. Everything else about the project has an API that is currently used to create projects and deploy clusters. Authentication is important part of the process and currently requires manual set up through the GUI.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. Improve password manager support on login screen

    Currently on the Atlas login screen it presents a button to authenticate using Google and a text field to enter an email address. Upon entering an email address there's a brief pause - presumably to check if the email address is bound to a configured SAML provider - and if not then the password field appears.

    Since the password field doesn't exist in the DOM until it's needed it means password managers have to autofill the email and password fields as two separate steps. I propose to have the password field present and hidden from the start so that password…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. make empty teams possible

    It is currently not possible to create empty teams of remove all users from teams.
    We would like to arrange our access management through teams. For our production environment we want a 'read only' and an 'admin' team. The admin team should be empty at all times, except in the case of incidents where we want to add specific users to the admin team to be able to solve the incident.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base